how secure is either method? the form method would be more secure if it
was done over https correct?
tonyz
Martín marqués wrote:
On Lun 01 Oct 2001 19:36, you wrote:
I used a pretty basic system to check HTTP authentication values against
database values, but I can't seem to find a way
I used a pretty basic system to check HTTP authentication values against
database values, but I can't seem to find a way to allow the user to log
out. I tried:
unset($PHP_AUTH_USER)
but Internet Explorer hangs on to that value until all browser windows are
closed. Is there any way around
$PHP_AUTH_USER is filled in based on the value coming from the browser.
unsetting it in PHP makes no sense as the browser is simply going to set
it again on the next request. There is no way to clear this from the
client-side short of changing the realm or denying the authentication with
a 403.
3 matches
Mail list logo
